ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning
Full text PdfPdf (1.16 MB)
Source
ACM Transactions on Information and System Security (TISSEC) archive
Volume 11 ,  Issue 2  (March 2008) table of contents
Article No. 2  
Year of Publication: 2008
ISSN:1094-9224
Authors
Chad D. Mano  University of Notre Dame
Andrew Blaich  University of Notre Dame
Qi Liao  University of Notre Dame
Yingxin Jiang  University of Notre Dame
David A. Cieslak  University of Notre Dame
David C. Salyers  University of Notre Dame
Aaron Striegel  University of Notre Dame
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 129,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1330332.1330334
What is a DOI?

ABSTRACT

Wireless network access has become an integral part of computing both at home and at the workplace. The convenience of wireless network access at work may be extremely beneficial to employees, but can be a burden to network security personnel. This burden is magnified by the threat of inexpensive wireless access points being installed in a network without the knowledge of network administrators. These devices, termed <it>Rogue Wireless Access Points</it>, may allow a malicious outsider to access valuable network resources, including confidential communication and other stored data. For this reason, wireless connectivity detection is an essential capability, but remains a difficult problem. We present a method of detecting wireless hosts using a local RTT metric and a novel packet payload slicing technique. The local RTT metric provides the means to identify physical transmission media while packet payload slicing conditions network traffic to enhance the accuracy of the detections. Most importantly, the packet payload slicing method is transparent to both clients and servers and does not require direct communication between the monitoring system and monitored hosts.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Atul Adya , Paramvir Bahl , Ranveer Chandra , Lili Qiu, Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks, Proceedings of the 10th annual international conference on Mobile computing and networking, September 26-October 01, 2004, Philadelphia, PA, USA  [doi>10.1145/1023720.1023724]
2
Steven M. Bellovin, A technique for counting natted hosts, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France  [doi>10.1145/637201.637243]
 
3
Beverly, R. 2004. A robust classifier for passive TCP/IP fingerprinting. In <it>Proceedings of Passive and Active Network Measurement, 5th International Workshop</it>. 158--167.
 
4
Beyah, R., Kangude, S., Yu, G., Strickland, B., and Copeland, J. 2004. Rogue access point detection using temporal traffic characteristics. In <it>Proceedings of IEEE Global Telecommunications Conference (GLOBECOM'04)</it>. 2271--2275.
 
5
Cheng, L. and Marsic, I. 2001. Fuzzy reasoning for wireless awareness. <it>Int. J. Wirel. Inform. Netw. 8,</it> 1, 15--26.
 
6
Chirumamilla, M. K. and Ramamurthy, B. 2003. Agent based intrusion detection and response system for wireless lans. In <it>Proceedings of IEEE International Conference on Communications</it>. Vol. 1. 492--496.
 
7
Deraison, R. and Gula, R. 2003. Using nessus to detect wireless acccess points. Tenable Network Security. http://www.tenablesecurity.com/papers.html.
 
8
Guo, F. and Chiueh, T. 2006. Sequence number-based mac address spoof detection. <it>EURASIP J. Wirel. Commu. Network.</it>
 
9
Mark Handley , Vern Paxson , Christian Kreibich, Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics, Proceedings of the 10th conference on USENIX Security Symposium, p.9-9, August 13-17, 2001, Washington, D.C.
 
10
Ronda R. Henning, Vulnerability Assessment in Wireless Networks, Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops), p.358, January 27-31, 2003
11
Phil Karn , Craig Partridge, Improving round-trip time estimates in reliable transport protocols, ACM Transactions on Computer Systems (TOCS), v.9 n.4, p.364-373, Nov. 1991  [doi>10.1145/118544.118549]
 
12
Mano, C. 2006. Defending against malicious rogue system threats. Ph.D. thesis, University of Notre Dame.
 
13
Stefan Savage, Sting: a TCP-based network measurement tool, Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems, p.7-7, October 11-14, 1999, Boulder, Colorado
 
14
Weaver, N., Paxson, V., and Sommer, R. 2006. Work in progress: Bro-LAN pervasive network inspection and control for LAN traffic. In <it>Workshop on Enterprise Network Security</it>.
 
15
Wei, W., Suh, K., Gu, Y., Wang, B., and Kurose, J. 2006. Passive online rogue access point detection using sequential hypothesis testing with tcp ack-pairs. UMass CMPSCI Tech. rep. 2006-60.
 
16
Wei, W., Wang, B., Zhg, C., Kurose, J., and Towsley, D. 2005. Classification of access network types: Ethernet, Wireless LAN, ADSL, Cable Modem or Dialup? In <it>Proceedings of Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05)</it>. 1060--1071.

CITED BY  4
Suman Jana , Sneha Kumar Kasera, On fast and accurate detection of unauthorized wireless access points using clock skews, Proceedings of the 14th ACM international conference on Mobile computing and networking, September 14-19, 2008, San Francisco, California, USA
Wei Wei , Kyoungwon Suh , Bing Wang , Yu Gu , Jim Kurose , Don Towsley, Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, October 24-26, 2007, San Diego, California, USA
Gaogang XIE , Tingting He , Guangxing Zhang, Rogue access point detection using segmental TCP jitter, Proceeding of the 17th international conference on World Wide Web, April 21-25, 2008, Beijing, China
Lanier Watkins , Raheem Beyah , Cherita Corbett, Using link RTT to passively detect unapproved wireless nodes, International Journal of Security and Networks, v.4 n.3, p.153-163, July 2009

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.1 Network Architecture and Design
          Subjects: Network communications

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Management, Measurement, Security


Keywords:
network security, rogue systems, traffic conditioning

Collaborative Colleagues:
Chad D. Mano: colleagues
Andrew Blaich: colleagues
Qi Liao: colleagues
Yingxin Jiang: colleagues
David A. Cieslak: colleagues
David C. Salyers: colleagues
Aaron Striegel: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player